I don't know anything about immutable distros, but any good VPN provide Wireguard or OpenVPN config that you can just import into your network settings/manager. Mullvad does.
this post was submitted on 20 Mar 2024
62 points (98.4% liked)
Linux
47946 readers
1764 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
They do, but networkmanager doesnt have the necessary features like a block mode. Read my other comment.
Btw there is a GNOME applet for mullvadvpn, so you dont need to use electron, just the background stuff.
Came here to say this too
While this is true, using Wireguard or OpenVPN config files requires more fuss to change servers compared to using the provider's VPN client.
Very cool! Mullvad also updated their Linux install guides to reference the repos immediately, but they use dnf for whatever reason, making it unnecessarily complicated (issue report).
Your commands where good and secure, but this is a quicker way
curl https://repository.mullvad.net/rpm/stable/mullvad.repo` | sudo tee /etc/yum.repos.d/mullvad.repo
rpm-ostree install --reboot mullvad-vpn libappindicator-gtk3
systemctl enable --now mullvad-daemon
You dont need sudo for rpm-ostree and systemctl, they work natively with polkit. In general you can replace sudo with pkexec in your shell config and have easier and more granular permission controls. But dont remove sudo, that will currently break at least some things like shutdown.
Top-tier comment thanks for the contribution
Why not just "Flatpak" it and be done with it?
Doesnt work. Networkmanager has no native concept of a "airtight VPN mode".
The mullvad daemon does stuff like
- control DNS
- block internet when not connected
- prevent early boot connections
Those require it to be privileged. For sure it would be nice to have all these features integrated into networkmanager, and vpn apps just placing their wireguard configs and DNS settings in there.
But for now the Mullvad App is way better than what we have. You can also keep a very insecure DNS conf (no DNSSEC, no DOT, no custom servers) as a fallback for public wifi bs, and when the Mullvad app is running the system uses a secure DNS.
Very good points. But can't you provide those permissions to the flatpak via flatseal or something?
Only if there was a portal, I would suppose. But idk to be honest. Flatpaks can write to /etc if they want.